On Fri, 12 Aug 2011 12:21:06 +0100, Invisible wrote:
>> So in other words, you'd test your passwords offline before choosing
>> them.
>
> I'm actually tempted to go take a password cracker to our network and
> see how quickly it can guess everybody's passwords. >:-D
>
> Unfortunately, I downloaded the cracker so I could go try it in a test
> environment, and the AV software went mental...
>
> (Obviously, before you try breaking people's passwords "for real", there
> are various political issues to consider. But I didn't even get as far
> as /testing/ the tool, since the AV classes it as "greyware". Which I
> suppose is reasonable.)
Indeed, the proper way to do this in a production environment is to get
the approval of management so they know what you're doing and why. It's
a 'security audit' or 'password audit'. You don't want to get caught
doing any kind of penetration testing on your company's network without
TPTB being aware of it - that can lead to serious consequences
(potentially personal legal liabilities for that matter).
Jim